The md5crypt() author says the algorithm is no longer secure

THE AUTHOR of md5crypt(), which is used to encrypt passwords on some FreeBSD and Linux-based operating systems, has said it is no longer secure despite being recommended as a password hashing function.

Poul-Henning Kamp implemented Ronald Rivest's MD5 one-way hashing algorithm in his md5crypt() function that has been in use on FreeBSD and Linux-based operating systems for many years. Now Kamp has been forced to say that md5crypt() is no longer secure after he claimed that people were still recommending it for production use.

While Kamp introduced extra functionality in md5crypt() to mitigate brute-force attacks, processing power has increased to a point where Kamp said that md5crypt() is too fast on commercially available hardware. He told The INQUIRER, "[The] only problem with md5crypt is speed: it's too fast."

Kamp also told The INQUIRER that it had been known for some time that md5crypt() could no longer provide adequate protection, but since people were still recommending the use of md5crypt() in production environments that forced him to make an announcement, urging people to stop using his creation.

While MD5 was cracked using brute force methods back in 2005, Kamp included extra stages in md5crypt() such as salting to increase its computational complexity, and md5crypt() remained too processor intensive for brute force attacks for a while longer. However md5crypt() is the best part of two decades old by now and more computing power, especially with GPGPUs, has meant that hackers can execute md5crypt() on every combination of 10 letters and numbers in a matter of hours.

All hashing algorithms eventually become susceptible to brute-force attacks due to advances in computational power. However the fact that Kamp has been forced to make such an announcement shows that bad practices are still far too common, and that can cost people in terms of security. µ